Export limit exceeded: 35128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45829 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32107 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions. | ||||
| CVE-2023-32105 | 1 Wp-pizza | 1 Wppizza | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions. | ||||
| CVE-2023-32103 | 1 Themepalace | 1 Tp Education | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions. | ||||
| CVE-2023-32102 | 1 Pexlechris | 1 Library Viewer | 2024-11-21 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions. | ||||
| CVE-2023-32089 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description | ||||
| CVE-2023-32088 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation | ||||
| CVE-2023-32087 | 1 Pega | 1 Platform | 2024-11-21 | 4.6 Medium |
| Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation | ||||
| CVE-2023-32077 | 1 Gravitl | 1 Netmaker | 2024-11-21 | 7.5 High |
| Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. | ||||
| CVE-2023-32000 | 1 Ui | 1 Unifi Network Application | 2024-11-21 | 4.8 Medium |
| A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. | ||||
| CVE-2023-31942 | 1 Online Travel Agency System Project | 1 Online Travel Agency System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. | ||||
| CVE-2023-31935 | 1 Phpgurukul | 1 Rail Pass Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | ||||
| CVE-2023-31934 | 1 Phpgurukul | 1 Rail Pass Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | ||||
| CVE-2023-31853 | 1 Cudy | 2 Lt400, Lt400 Firmware | 2024-11-21 | 6.1 Medium |
| Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter. | ||||
| CVE-2023-31851 | 1 Cudy | 2 Lt400, Lt400 Firmware | 2024-11-21 | 6.1 Medium |
| Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. | ||||
| CVE-2023-31808 | 1 Technicolor | 2 Tg670, Tg670 Firmware | 2024-11-21 | 7.2 High |
| Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. | ||||
| CVE-2023-31754 | 1 Optimizely | 1 Optimizely Cms | 2024-11-21 | 4.8 Medium |
| Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel. | ||||
| CVE-2023-31705 | 1 Task Reminder System Project | 1 Task Reminder System | 2024-11-21 | 5.4 Medium |
| A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter. | ||||
| CVE-2023-31698 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | ||||
| CVE-2023-31581 | 1 Dromara | 1 Sureness | 2024-11-21 | 9.8 Critical |
| Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | ||||
| CVE-2023-31579 | 1 Tangyh | 1 Lamp-cloud | 2024-11-21 | 9.8 Critical |
| Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. | ||||